Professional Documents
Culture Documents
Terraform - Automating Infrastructure As A Service: Michael Howard
Terraform - Automating Infrastructure As A Service: Michael Howard
Terraform - Automating Infrastructure As A Service: Michael Howard
Service
Michael Howard
Computer Science Department
Portland State University
Portland, USA
mihoward@pdx.edu
Fig. 2: Terraform actions go through a provider Fig. 3: An HCL example declaring the required
module to translate into API calls specific to that provider, a VPC and subnet.
provider.
IV. F RAMEWORK E NVIRONMENT
III. C ONFIGURATION L ANGUAGE Environments that can run Terraform are the CLI, Terraform
Cloud, Terraform Enterprise and CDK. The CLI is the most
Terraform scans configuration files and generates a cor- common. Pre-built binaries can be downloaded or the Golang
responding plan. The configuration files are written in the source code1 can be cloned and built. The Terraform tool
HashiCorp Configuration Language (HCL). This language is runs on a local set of configuration files. These files can be
declarative. Declarative offers an advantage over imperative organized into subdirectories which Terraform will automati-
in that the desired state of the infrastructure can be directly cally traverse. The state file is typically generated in the same
coded. An imperative language requires defining all the interim directory that the tool runs from. However, there is a remote
steps to arrive at the desired state. option which generates state files in a remote, central location
The main purpose of HCL is to define resources. The code is such that multiple Terraform clients may apply their plans and
written in blocks with each block representing an infrastructure still synchronize their view of the existing infrastructure.
object. A Terraform configuration is a complete document in Terraform Cloud is a Terraform environment hosted by
HCL telling Terraform how to manage a given collection of HashiCorp. As a hosted service, users log in to generate and
infrastructure resources. Figure 3 shows example code that
declares the required provider plugin as well as a VPC and 1 https://github.com/hashicorp/terraform
apply plans. The Terraform tool-chain itself is maintained by
HashiCorp while the state files are centrally stored such that all
users are running against the same current infrastructure state.
Terraform Enterprise is a self-hosted version of Terraform
Cloud. If offers the same cloud-based feature set but is
designed to be deployed within an enterprise’s private cloud.
Another version of the CLI or local environment is the
Cloud Development Kit (CDK). Rather than running the CLI
tool directly, CDK permits five supported high-level languages
to generate and apply Terraform plans. Code in these supported
languages is able to call in to the Terraform framework,
replacing the Terraform CLI. Section VI provides further
details on CDK.
V. P ROVIDERS
Fig. 4: CDK and other pathways to define config-
Terraform relies on plugins called providers to interact and uration, input to Terraform and provision infras-
abstract the various infrastructure providers. Each provider tructure through multiple providers. Configuration
must be declared in the configuration using the “provider” input may be through CDK, CRDS, HCL or
block type. Once a provider has been declared, the correspond- JSON.
ing plugin is included while generating the plan. Declared
resources utilize the provider’s underlying API to perform
create, update and delete actions needed to ensure the resource VII. A LTERNATIVES
ends up in the desired state. Terraform provides an abstraction of providers and their re-
Providers come from a publicly available registry of known sources. It can represent physical hardware, virtual machines,
plugins2 . The list is extensive and covers all known cloud, containers, network configurations, email and Domain Name
Software as a Service (SaaS) and other APIs. These provider Service (DNS) providers. Given the breadth of resources and
plugins allow the resource and data source blocks to be providers, Terraform does overlap with other tools. Some of
declared without needing details on the specific provider’s these tools will be discussed here.
API. Each provider maintains documentation on the Terraform
blocks it supports along with the corresponding parameters. A. Chef and Puppet
Chef3 and Puppet4 are configuration management tools.
VI. C LOUD D EVELOPMENT K IT They are designed to install and manage software on compute
resources that already exist. Terraform instead focuses on the
The Cloud Development Kit (CDK) for Terraform allows bootstrapping and initializing of those compute resources. It
the use of other programming language to define and provi- works well in conjunction with configuration management.
sion infrastructure. CDK gives access to the entire Terraform
B. CloudFormation and Heat
ecosystem without requiring development in HashiCorp Con-
figuration Language (HCL) and running it via the CLI tool. CloudFormation5 and Heat6 are both tools that represent
Additionally, a user can more easily integrate with an exist- infrastructure as code, just like Terraform. The configuration
ing tool-chain for testing and dependency management. The files allow the infrastructure to be elastically created, modified
following languages are currently supported: and destroyed. The big advantage which Terraform provides
is it is provider-agnostic. CloudFormation is an Amazon Web
• Typescript Service (AWS) tool and only works with provisioning other
• Python AWS resources. Heat similarly operates only on an OpenStack
• Java API. Terraform not only supports multiple providers but can
• C# also combine resources from each into a single plan. Thus, it
• Go introduces multi-cloud provisioning.
Figure 4 shows the various input pathways to Terraform. Another feature which Terraform has over CloudFormation
CDK may be invoked from its five supported languages while and Heat is the separation of the plan and execution. Terraform
configuration code in HCL or JSON require the Terraform has the distinct stage to generate a plan which also takes into
CLI. Kubernetes’ Custom Resource Definitions (CRDS) are
3 https://www.chef.io/
another possibility but will not be covered here. 4 https://puppet.com/
5 https://aws.amazon.com/cloudformation/
2 https://registry.terraform.io/browse/providers 6 https://docs.openstack.org/heat/latest/
account the existing state of the infrastructure. The plan is
then optionally reviewed and approved before the apply stage
executes each plan action. Terraform also has a graph feature
which displays the plan actions ordered by dependency.